cli4ai 1.1.5 → 1.2.1

package/dist/mcp/adapter.d.ts

@@ -0,0 +1,35 @@
+/**
+ * MCP Adapter - Converts CLI tools to MCP tools
+ */
+import { type Manifest, type CommandDef } from '../core/manifest.js';
+export interface McpTool {
+    name: string;
+    description: string;
+    inputSchema: {
+        type: 'object';
+        properties: Record<string, {
+            type: string;
+            description?: string;
+        }>;
+        required: string[];
+    };
+}
+export interface McpToolResult {
+    content: Array<{
+        type: 'text';
+        text: string;
+    }>;
+    isError?: boolean;
+}
+/**
+ * Convert a CLI command definition to MCP tool format
+ */
+export declare function commandToMcpTool(manifest: Manifest, cmdName: string, cmd: CommandDef): McpTool;
+/**
+ * Convert all commands in a manifest to MCP tools
+ */
+export declare function manifestToMcpTools(manifest: Manifest): McpTool[];
+/**
+ * Execute a CLI tool command and return MCP-formatted result
+ */
+export declare function executeTool(entryPath: string, runtime: string, command: string, args: Record<string, string>, argOrder?: string[]): Promise<McpToolResult>;

package/dist/mcp/adapter.js

@@ -0,0 +1,94 @@
+/**
+ * MCP Adapter - Converts CLI tools to MCP tools
+ */
+import { spawn } from 'child_process';
+/**
+ * Convert a CLI command definition to MCP tool format
+ */
+export function commandToMcpTool(manifest, cmdName, cmd) {
+    const properties = {};
+    const required = [];
+    // Convert args to JSON Schema properties
+    if (cmd.args) {
+        for (const arg of cmd.args) {
+            properties[arg.name] = {
+                type: 'string',
+                description: arg.description
+            };
+            if (arg.required) {
+                required.push(arg.name);
+            }
+        }
+    }
+    return {
+        name: `${manifest.name}_${cmdName}`,
+        description: `${manifest.name}: ${cmd.description || cmdName}`,
+        inputSchema: {
+            type: 'object',
+            properties,
+            required
+        }
+    };
+}
+/**
+ * Convert all commands in a manifest to MCP tools
+ */
+export function manifestToMcpTools(manifest) {
+    const tools = [];
+    if (manifest.commands) {
+        for (const [cmdName, cmdDef] of Object.entries(manifest.commands)) {
+            tools.push(commandToMcpTool(manifest, cmdName, cmdDef));
+        }
+    }
+    return tools;
+}
+/**
+ * Execute a CLI tool command and return MCP-formatted result
+ */
+export async function executeTool(entryPath, runtime, command, args, argOrder) {
+    return new Promise((resolve) => {
+        // Build command arguments
+        const cmdArgs = [command];
+        // Prefer manifest-defined arg order (positional), fall back to stable ordering.
+        const orderedKeys = argOrder ?? Object.keys(args).sort();
+        for (const key of orderedKeys) {
+            const value = args[key];
+            if (value !== undefined && value !== '')
+                cmdArgs.push(value);
+        }
+        const runtimeArgs = runtime === 'node'
+            ? [entryPath, ...cmdArgs]
+            : ['run', entryPath, ...cmdArgs];
+        const proc = spawn(runtime, runtimeArgs, {
+            stdio: ['pipe', 'pipe', 'pipe'],
+            env: { ...process.env }
+        });
+        let stdout = '';
+        let stderr = '';
+        proc.stdout.on('data', (data) => {
+            stdout += data.toString();
+        });
+        proc.stderr.on('data', (data) => {
+            stderr += data.toString();
+        });
+        proc.on('close', (code) => {
+            if (code !== 0) {
+                resolve({
+                    content: [{ type: 'text', text: stderr || `Command failed with exit code ${code}` }],
+                    isError: true
+                });
+            }
+            else {
+                resolve({
+                    content: [{ type: 'text', text: stdout || 'Command completed successfully' }]
+                });
+            }
+        });
+        proc.on('error', (err) => {
+            resolve({
+                content: [{ type: 'text', text: `Failed to execute: ${err.message}` }],
+                isError: true
+            });
+        });
+    });
+}

package/dist/mcp/config-gen.d.ts

@@ -0,0 +1,31 @@
+/**
+ * MCP Config Generator - Generate Claude Code MCP configuration
+ */
+import { type Manifest } from '../core/manifest.js';
+export interface McpServerConfig {
+    command: string;
+    args: string[];
+    env?: Record<string, string>;
+}
+export interface ClaudeCodeConfig {
+    mcpServers: Record<string, McpServerConfig>;
+}
+/**
+ * Generate MCP server config for a single package
+ */
+export declare function generateServerConfig(manifest: Manifest, _packagePath: string): McpServerConfig;
+/**
+ * Generate Claude Code config for installed packages
+ */
+export declare function generateClaudeCodeConfig(cwd: string, options?: {
+    global?: boolean;
+    packages?: string[];
+}): ClaudeCodeConfig;
+/**
+ * Format config as JSON for Claude Code
+ */
+export declare function formatClaudeCodeConfig(config: ClaudeCodeConfig): string;
+/**
+ * Generate config snippet for adding to existing claude_desktop_config.json
+ */
+export declare function generateConfigSnippet(manifest: Manifest, packagePath: string): string;

package/dist/mcp/config-gen.js

@@ -0,0 +1,75 @@
+/**
+ * MCP Config Generator - Generate Claude Code MCP configuration
+ */
+import { tryLoadManifest } from '../core/manifest.js';
+import { findPackage, getGlobalPackages, getLocalPackages } from '../core/config.js';
+/**
+ * Generate MCP server config for a single package
+ */
+export function generateServerConfig(manifest, _packagePath) {
+    // Use cli4ai start command which handles the MCP server
+    return {
+        command: 'cli4ai',
+        args: ['start', manifest.name]
+    };
+}
+/**
+ * Load manifest for an installed package
+ */
+function loadPackageWithManifest(pkg) {
+    const manifest = tryLoadManifest(pkg.path);
+    if (!manifest)
+        return null;
+    return { name: pkg.name, path: pkg.path, manifest };
+}
+/**
+ * Generate Claude Code config for installed packages
+ */
+export function generateClaudeCodeConfig(cwd, options = {}) {
+    const mcpServers = {};
+    // Get installed packages
+    let installedPackages = [];
+    if (options.packages && options.packages.length > 0) {
+        // Specific packages requested
+        for (const pkgName of options.packages) {
+            const pkg = findPackage(pkgName, cwd);
+            if (pkg) {
+                installedPackages.push(pkg);
+            }
+        }
+    }
+    else {
+        // All installed packages
+        if (options.global) {
+            installedPackages = getGlobalPackages();
+        }
+        else {
+            installedPackages = [
+                ...getLocalPackages(cwd),
+                ...getGlobalPackages()
+            ];
+        }
+    }
+    // Load manifests and filter to MCP-enabled packages
+    for (const pkg of installedPackages) {
+        const pkgWithManifest = loadPackageWithManifest(pkg);
+        if (pkgWithManifest && pkgWithManifest.manifest.mcp?.enabled) {
+            mcpServers[`cli4ai-${pkgWithManifest.name}`] = generateServerConfig(pkgWithManifest.manifest, pkgWithManifest.path);
+        }
+    }
+    return { mcpServers };
+}
+/**
+ * Format config as JSON for Claude Code
+ */
+export function formatClaudeCodeConfig(config) {
+    return JSON.stringify(config, null, 2);
+}
+/**
+ * Generate config snippet for adding to existing claude_desktop_config.json
+ */
+export function generateConfigSnippet(manifest, packagePath) {
+    const serverConfig = generateServerConfig(manifest, packagePath);
+    const serverName = `cli4ai-${manifest.name}`;
+    return `"${serverName}": ${JSON.stringify(serverConfig, null, 2)}`;
+}

package/dist/mcp/server.d.ts

@@ -0,0 +1,41 @@
+/**
+ * MCP Server - Expose CLI tools as MCP tools
+ *
+ * Implements the Model Context Protocol (MCP) over stdio
+ * https://modelcontextprotocol.io/
+ *
+ * SECURITY: Includes execution safeguards:
+ * - Audit logging of all tool calls
+ * - Rate limiting to prevent abuse
+ * - Trust level tracking for packages
+ */
+import { type Manifest } from '../core/manifest.js';
+/**
+ * MCP Server that wraps a CLI tool
+ */
+export declare class McpServer {
+    private manifest;
+    private packagePath;
+    private tools;
+    private rateLimits;
+    private totalCallCount;
+    constructor(manifest: Manifest, packagePath: string);
+    /**
+     * SECURITY: Check if a tool call should be rate limited
+     */
+    private checkRateLimit;
+    /**
+     * Start the MCP server (stdio mode)
+     */
+    start(): Promise<void>;
+    private handleMessage;
+    private handleRequest;
+    private handleToolCall;
+    private executeCommand;
+    private sendResult;
+    private sendError;
+}
+/**
+ * Start MCP server for a package
+ */
+export declare function startMcpServer(manifest: Manifest, packagePath: string): Promise<void>;

package/dist/mcp/server.js

@@ -0,0 +1,296 @@
+/**
+ * MCP Server - Expose CLI tools as MCP tools
+ *
+ * Implements the Model Context Protocol (MCP) over stdio
+ * https://modelcontextprotocol.io/
+ *
+ * SECURITY: Includes execution safeguards:
+ * - Audit logging of all tool calls
+ * - Rate limiting to prevent abuse
+ * - Trust level tracking for packages
+ */
+import { spawn } from 'child_process';
+import { resolve } from 'path';
+import { appendFileSync, existsSync, mkdirSync } from 'fs';
+import { homedir } from 'os';
+import { manifestToMcpTools } from './adapter.js';
+import { getSecret } from '../core/secrets.js';
+import { loadConfig } from '../core/config.js';
+// ═══════════════════════════════════════════════════════════════════════════
+// SECURITY: Audit logging and rate limiting
+// ═══════════════════════════════════════════════════════════════════════════
+const AUDIT_LOG_DIR = resolve(homedir(), '.cli4ai', 'logs');
+const RATE_LIMIT_WINDOW_MS = 60000; // 1 minute
+const RATE_LIMIT_MAX_CALLS = 100; // Max calls per minute per tool
+/**
+ * Audit log an MCP tool call for security tracking
+ * Can be disabled via `cli4ai config set audit.enabled false`
+ */
+function auditLog(packageName, toolName, args, result, errorMessage) {
+    try {
+        // Check if audit logging is enabled
+        const config = loadConfig();
+        if (!config.audit?.enabled) {
+            return;
+        }
+        if (!existsSync(AUDIT_LOG_DIR)) {
+            mkdirSync(AUDIT_LOG_DIR, { recursive: true });
+        }
+        const logEntry = {
+            timestamp: new Date().toISOString(),
+            package: packageName,
+            tool: toolName,
+            // Redact potentially sensitive argument values, keep keys
+            argKeys: Object.keys(args),
+            result,
+            error: errorMessage,
+            pid: process.pid
+        };
+        const logFile = resolve(AUDIT_LOG_DIR, `mcp-audit-${new Date().toISOString().slice(0, 10)}.log`);
+        appendFileSync(logFile, JSON.stringify(logEntry) + '\n');
+    }
+    catch {
+        // Don't fail tool execution if logging fails
+    }
+}
+/**
+ * MCP Server that wraps a CLI tool
+ */
+export class McpServer {
+    manifest;
+    packagePath;
+    tools;
+    rateLimits = new Map();
+    totalCallCount = 0;
+    constructor(manifest, packagePath) {
+        this.manifest = manifest;
+        this.packagePath = packagePath;
+        this.tools = manifestToMcpTools(manifest);
+    }
+    /**
+     * SECURITY: Check if a tool call should be rate limited
+     */
+    checkRateLimit(toolName) {
+        const now = Date.now();
+        const entry = this.rateLimits.get(toolName);
+        if (!entry || now - entry.windowStart >= RATE_LIMIT_WINDOW_MS) {
+            // Start new window
+            this.rateLimits.set(toolName, { count: 1, windowStart: now });
+            return { allowed: true };
+        }
+        if (entry.count >= RATE_LIMIT_MAX_CALLS) {
+            const retryAfterMs = RATE_LIMIT_WINDOW_MS - (now - entry.windowStart);
+            return { allowed: false, retryAfterMs };
+        }
+        entry.count++;
+        return { allowed: true };
+    }
+    /**
+     * Start the MCP server (stdio mode)
+     */
+    async start() {
+        process.stdin.setEncoding('utf8');
+        let buffer = '';
+        process.stdin.on('data', (chunk) => {
+            buffer += chunk;
+            // Try to parse complete JSON-RPC messages
+            const lines = buffer.split('\n');
+            buffer = lines.pop() || '';
+            for (const line of lines) {
+                if (line.trim()) {
+                    this.handleMessage(line.trim());
+                }
+            }
+        });
+        process.stdin.on('end', () => {
+            process.exit(0);
+        });
+    }
+    handleMessage(message) {
+        try {
+            const request = JSON.parse(message);
+            this.handleRequest(request);
+        }
+        catch (err) {
+            this.sendError(null, -32700, 'Parse error');
+        }
+    }
+    async handleRequest(request) {
+        const { id, method, params } = request;
+        try {
+            switch (method) {
+                case 'initialize':
+                    this.sendResult(id, {
+                        protocolVersion: '2024-11-05',
+                        capabilities: {
+                            tools: {}
+                        },
+                        serverInfo: {
+                            name: `cli4ai-${this.manifest.name}`,
+                            version: this.manifest.version
+                        }
+                    });
+                    break;
+                case 'initialized':
+                    // No response needed
+                    break;
+                case 'tools/list':
+                    this.sendResult(id, {
+                        tools: this.tools.map(t => ({
+                            name: t.name,
+                            description: t.description,
+                            inputSchema: t.inputSchema
+                        }))
+                    });
+                    break;
+                case 'tools/call':
+                    await this.handleToolCall(id, params);
+                    break;
+                case 'ping':
+                    this.sendResult(id, {});
+                    break;
+                default:
+                    this.sendError(id, -32601, `Method not found: ${method}`);
+            }
+        }
+        catch (err) {
+            this.sendError(id, -32603, err.message);
+        }
+    }
+    async handleToolCall(id, params) {
+        const { name, arguments: args = {} } = params;
+        // SECURITY: Rate limiting
+        const rateCheck = this.checkRateLimit(name);
+        if (!rateCheck.allowed) {
+            auditLog(this.manifest.name, name, args, 'rate_limited');
+            this.sendError(id, -32000, `Rate limit exceeded. Retry after ${Math.ceil((rateCheck.retryAfterMs || 0) / 1000)}s`);
+            return;
+        }
+        // Track total calls for monitoring
+        this.totalCallCount++;
+        // Parse tool name: package_command
+        const parts = name.split('_');
+        if (parts.length < 2 || parts[0] !== this.manifest.name) {
+            auditLog(this.manifest.name, name, args, 'error', 'Unknown tool');
+            this.sendError(id, -32602, `Unknown tool: ${name}`);
+            return;
+        }
+        const command = parts.slice(1).join('_');
+        const cmdDef = this.manifest.commands?.[command];
+        if (!cmdDef) {
+            auditLog(this.manifest.name, name, args, 'error', 'Unknown command');
+            this.sendError(id, -32602, `Unknown command: ${command}`);
+            return;
+        }
+        // Build command arguments in order
+        const cmdArgs = [command];
+        if (cmdDef.args) {
+            for (const argDef of cmdDef.args) {
+                const value = args[argDef.name];
+                if (value !== undefined && value !== '') {
+                    cmdArgs.push(String(value));
+                }
+                else if (argDef.required) {
+                    auditLog(this.manifest.name, name, args, 'error', `Missing required argument: ${argDef.name}`);
+                    this.sendError(id, -32602, `Missing required argument: ${argDef.name}`);
+                    return;
+                }
+            }
+        }
+        // Execute the CLI tool
+        const entryPath = resolve(this.packagePath, this.manifest.entry);
+        try {
+            const result = await this.executeCommand(entryPath, cmdArgs);
+            auditLog(this.manifest.name, name, args, 'success');
+            this.sendResult(id, {
+                content: [{ type: 'text', text: result }]
+            });
+        }
+        catch (err) {
+            const errorMessage = err.message;
+            auditLog(this.manifest.name, name, args, 'error', errorMessage);
+            this.sendResult(id, {
+                content: [{ type: 'text', text: errorMessage }],
+                isError: true
+            });
+        }
+    }
+    executeCommand(entryPath, args) {
+        return new Promise((resolve, reject) => {
+            // Use tsx for TypeScript files, node for JavaScript
+            let cmd;
+            let cmdArgs;
+            if (entryPath.endsWith('.ts') || entryPath.endsWith('.tsx')) {
+                cmd = 'npx';
+                cmdArgs = ['tsx', entryPath, ...args];
+            }
+            else {
+                cmd = 'node';
+                cmdArgs = [entryPath, ...args];
+            }
+            // Inject secrets from manifest env definitions
+            // SECURITY: Use package-scoped secret lookup (tries scoped first, then global)
+            const secretsEnv = {};
+            if (this.manifest.env) {
+                for (const key of Object.keys(this.manifest.env)) {
+                    const value = getSecret(key, this.manifest.name);
+                    if (value) {
+                        secretsEnv[key] = value;
+                    }
+                }
+            }
+            const proc = spawn(cmd, cmdArgs, {
+                stdio: ['pipe', 'pipe', 'pipe'],
+                env: { ...process.env, ...secretsEnv }
+            });
+            let stdout = '';
+            let stderr = '';
+            proc.stdout.on('data', (data) => {
+                stdout += data.toString();
+            });
+            proc.stderr.on('data', (data) => {
+                stderr += data.toString();
+            });
+            proc.on('close', (code) => {
+                if (code !== 0) {
+                    reject(new Error(stderr || `Exit code ${code}`));
+                }
+                else {
+                    resolve(stdout);
+                }
+            });
+            proc.on('error', (err) => {
+                reject(err);
+            });
+        });
+    }
+    sendResult(id, result) {
+        if (id === null)
+            return;
+        const response = {
+            jsonrpc: '2.0',
+            id,
+            result
+        };
+        console.log(JSON.stringify(response));
+    }
+    sendError(id, code, message) {
+        // Per JSON-RPC 2.0 spec, error responses for parse errors should include id: null
+        // For other errors where id is null (shouldn't happen), we skip the response
+        if (id === null && code !== -32700)
+            return;
+        const response = {
+            jsonrpc: '2.0',
+            id: id, // For parse errors (-32700), this will be cast from null
+            error: { code, message }
+        };
+        console.log(JSON.stringify(response));
+    }
+}
+/**
+ * Start MCP server for a package
+ */
+export async function startMcpServer(manifest, packagePath) {
+    const server = new McpServer(manifest, packagePath);
+    await server.start();
+}

package/dist/server/service.d.ts

@@ -0,0 +1,85 @@
+/**
+ * cli4ai Remote Service
+ *
+ * HTTP server that exposes cli4ai functionality for remote execution.
+ * Run with `cli4ai serve` to start the service.
+ */
+import { createServer } from 'http';
+import { type ScopeLevel } from '../core/execute.js';
+export interface ServiceConfig {
+    /** Port to listen on (default: 4100) */
+    port: number;
+    /** Host to bind to (default: 0.0.0.0) */
+    host: string;
+    /** API key for authentication (optional but recommended) */
+    apiKey?: string;
+    /** Working directory for command execution */
+    cwd: string;
+    /** Allowed scope levels (defaults to ['read', 'write', 'full']) */
+    allowedScopes?: ScopeLevel[];
+}
+export interface RunToolRequest {
+    /** Package name */
+    package: string;
+    /** Command within the package */
+    command?: string;
+    /** Arguments to pass */
+    args?: string[];
+    /** Environment variables */
+    env?: Record<string, string>;
+    /** Standard input to pass to the tool */
+    stdin?: string;
+    /** Timeout in milliseconds */
+    timeout?: number;
+    /** Scope level for execution */
+    scope?: ScopeLevel;
+}
+export interface RunToolResponse {
+    success: boolean;
+    exitCode: number;
+    stdout?: string;
+    stderr?: string;
+    durationMs: number;
+    error?: {
+        code: string;
+        message: string;
+        details?: Record<string, unknown>;
+    };
+}
+export interface RunRoutineRequest {
+    /** Routine name */
+    routine: string;
+    /** Variables to pass to the routine */
+    vars?: Record<string, string>;
+}
+export interface ListPackagesResponse {
+    packages: Array<{
+        name: string;
+        version: string;
+        path: string;
+        source: 'local' | 'registry';
+    }>;
+}
+export interface PackageInfoResponse {
+    name: string;
+    version: string;
+    description?: string;
+    commands?: Record<string, {
+        description: string;
+    }>;
+}
+export interface HealthResponse {
+    status: 'ok';
+    hostname: string;
+    version: string;
+    uptime: number;
+}
+export declare function createService(config: ServiceConfig): ReturnType<typeof createServer>;
+export interface StartServiceOptions {
+    port?: number;
+    host?: string;
+    apiKey?: string;
+    cwd?: string;
+    allowedScopes?: ScopeLevel[];
+}
+export declare function startService(options?: StartServiceOptions): Promise<void>;